FDIC Warns of Heightened Cyber Security Risks
The FDIC responded to increasing geopolitical risks (i.e., Iran post-Soleimani) with a statement "to remind supervised financial institutions of sound cybersecurity risk management principles."
Financial institutions have recently faced fines and sanctions for avoidable cyber attacks.
[Criminals] often obtain access to financial institution systems and networks by compromising user credentials and introducing malware through social engineering employees and contractors with phishing attacks.
In its statement, the FDIC reminds financial institutions of sound cyber risk management practices, including:
- Response, Resilience, and Recovery Capabilities
- Identity and Access Management
- Network Configuration and System Hardening
- Employee Training
- Security Tools and Monitoring
- Data Protection
Regarding Employee Training, the FDIC says the program must be:
- Ongoing - employee training on recognizing cyber threats, phishing, and suspicious links must be continuous
- Effective - firms must measure the effectiveness of their training programs
As risks and regulations increase, financial institutions are turning to INFIMA's fully automated Cyber Security Training to keep their teams safe.
For more information on each of these points, see the FDIC's formal statement here.